Azure App Service – Force redirect from HTTP to HTTPS the easy way!

Once you have uploaded your SSL certificates to your Azure App Service and then configured the bindings (if you are using your own custom domains), there are two ways to force ALL requests to be redirected from HTTP to HTTPS: the ‘Developer way’ and the ‘Easy, no code way’!

Developer way

If you have published your own code, then one way is to manually alter the web.config file with an IIS URL Rewrite and publish the changes.
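A typical rule of that kind is shown here as an added example; it is not configuration from the original post. The rule names are arbitrary, and the second rule (an HSTS response header on HTTPS responses) goes beyond what the post describes. It assumes a Windows App Service where the IIS URL Rewrite module is available.

```xml
<?xml version="1.0" encoding="utf-8"?>
<configuration>
  <system.webServer>
    <rewrite>
      <rules>
        <!-- Redirect any request that did not arrive over TLS.
             {HTTPS} is "off" for plain HTTP requests. -->
        <rule name="Force HTTPS" enabled="true" stopProcessing="true">
          <match url="(.*)" />
          <conditions>
            <add input="{HTTPS}" pattern="off" ignoreCase="true" />
          </conditions>
          <!-- Permanent = 301. Path is carried over via {R:1},
               query string via appendQueryString. -->
          <action type="Redirect"
                  url="https://{HTTP_HOST}/{R:1}"
                  redirectType="Permanent"
                  appendQueryString="true" />
        </rule>
      </rules>
      <outboundRules>
        <!-- Added beyond the post: the redirect alone still leaves the
             first request in cleartext on every visit. HSTS tells the
             browser to go straight to HTTPS on later visits.
             Only emitted on HTTPS responses. -->
        <rule name="Add HSTS header" enabled="true">
          <match serverVariable="RESPONSE_Strict_Transport_Security"
                 pattern=".*" />
          <conditions>
            <add input="{HTTPS}" pattern="on" ignoreCase="true" />
          </conditions>
          <action type="Rewrite" value="max-age=31536000" />
        </rule>
      </outboundRules>
    </rewrite>
  </system.webServer>
</configuration>
```

If the site already has a `<system.webServer>` section, merge the `<rewrite>` element into it rather than adding a second section.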

If you are using ASP.NET MVC 3 or later, you can also just decorate your controller class or methods with the [RequireHttps] attribute, but these days you really should be using HTTPS for everything.

To that end, the MVC 3+ way to make the whole site redirect to HTTPS (without needing attributes) is to add

Easy, No code way

However, if you have just used one of the many templates to create an App Service, such as a WordPress site, then you probably don’t want to go messing with the web.config files yourself if you can avoid it.

The RequireHttpsAttribute only implements the IAuthenticationFilter.OnAuthentication filter method. I’d assume it is called only when authentication is requested. See my StackOverflow post for details: https://stackoverflow.com/a/46852259/4074527

Just to let you all know that as of fairly recently this functionality is built into Azure App Services. It’s hidden away under the “Custom Domains” section. As far as I can tell, it issues a 301 to any request that comes in over HTTP.